#10738 Prevent imports of users with ROLE_ID_SITE_ADMIN

pkp · Dec 19, 2024 · 23e7394 · 23e7394
1 parent 59e80cc
commit 23e7394
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 5 deletions.
diff --git a/classes/migration/upgrade/v3_5_0/I10738_RemoveInvalidUserGroups.php b/classes/migration/upgrade/v3_5_0/I10738_RemoveInvalidUserGroups.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * @file classes/migration/upgrade/v3_5_0/I10738_RemoveInvalidUserGroups.php
+ *
+ * Copyright (c) 2024 Simon Fraser University
+ * Copyright (c) 2024 John Willinsky
+ * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
+ *
+ * @class I10738_RemoveInvalidUserGroups
+ *
+ * @brief Remove invalid Site Admin groups with a context association.
+ */
+
+namespace PKP\migration\upgrade\v3_5_0;
+
+use Illuminate\Support\Facades\DB;
+use PKP\migration\Migration;
+
+class I10738_RemoveInvalidUserGroups extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        DB::table('user_groups')
+            ->where('role_id', 1) // Role::ROLE_ID_SITE_ADMIN
+            ->whereNotNull('context_id')
+            ->delete();
+    }
+
+    /**
+     * Reverse the migration.
+     */
+    public function down(): void
+    {
+        // noop
+    }
+}
diff --git a/plugins/importexport/users/filter/NativeXmlUserGroupFilter.php b/plugins/importexport/users/filter/NativeXmlUserGroupFilter.php
@@ -16,12 +16,10 @@
 
 namespace PKP\plugins\importexport\users\filter;
 
-use APP\facades\Repo;
 use PKP\filter\FilterGroup;
+use PKP\security\Role;
 use PKP\userGroup\relationships\UserGroupStage;
 use PKP\userGroup\UserGroup;
-use PKP\userGroup\Repository as UserGroupRepository;
-use Illuminate\Support\Facades\App;
 
 class NativeXmlUserGroupFilter extends \PKP\plugins\importexport\native\filter\NativeImportFilter
 {
@@ -74,15 +72,15 @@ public function handleElement($node)
         // Create the UserGroup object.
         $userGroup = new UserGroup();
         $userGroup->contextId = $context->getId();
-        
+
         // Extract the name node element to see if this user group exists already.
         $nodeList = $node->getElementsByTagNameNS($deployment->getNamespace(), 'name');
         if ($nodeList->length > 0) {
             $content = $this->parseLocalizedContent($nodeList->item(0)); // $content[1] contains the localized name.
             $userGroups = UserGroup::query()
                 ->withContextIds($context->getId())
                 ->get();
-        
+
             foreach ($userGroups as $testGroup) {
                 if (in_array($content[1], $testGroup->name)) {
                     return $testGroup;  // We found one with the same name.
@@ -122,6 +120,14 @@ public function handleElement($node)
                     }
                 }
             }
+
+            if (!in_array(
+                $userGroup->roleId,
+                [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SUB_EDITOR, Role::ROLE_ID_AUTHOR, Role::ROLE_ID_REVIEWER, Role::ROLE_ID_ASSISTANT, Role::ROLE_ID_READER, Role::ROLE_ID_SUBSCRIPTION_MANAGER]
+            )) {
+                throw new \Exception('Unacceptable role_id ' . $userGroup->roleId);
+            }
+
             $userGroup->save();
             $userGroupId = $userGroup->id;